Heretofore, a method employing an IC card, for example, has been adopted as a method which securely stores digital contents. The IC card includes a secure memory area which is accessible from only a tamper resistant module and which cannot be read out by unauthorized means. Since, however, the secure memory area has been small in capacity, the digital contents to be protected have been encrypted, with a decrypting key stored in the secure memory area, and the encrypted digital contents have been stored in the normal memory area of a terminal or in a memory card. In case of adopting such a storage aspect, the key for decrypting the digital contents is distributed to the secure memory by employing an encryption communication channel, and the encrypted digital contents are distributed to the normal memory area later, as disclosed in JP-A-2002-124960 by way of example.
With the enlargement of the capacity of the memory of an IC card in recent years, it has been highly desired to store digital contents themselves in a secure memory. However, data received from outside cannot be directly written into the secure memory area, and this secure memory area is accessible from only a tamper resistant module. Accordingly, in a case where the tamper resistant module is performing any other process of high load, or the like, the distributed information might fail to be retained.
With the intention of preventing such a drawback, there is considered a procedure in which, in a case where the tamper resistant module is performing any other process, that is, when it is in a busy state, the data are temporarily retained in a relay terminal, whereupon the temporarily retained data are moved to the secure memory through the tamper resistant module at a suitable timing.
With this procedure, however, when the IC card is moved to a different card reader/writer, the temporarily retained data cannot be moved to the secure memory being the final storage area. It cannot be grasped, either, that the data retained in the card reader/writer are the temporarily retained data.
It increases the load of the card reader/writer and is also problematic on security that the card reader/writer keeps storing the information which is to be transferred to the tamper resistant module.